On Sep 01, 2009, Marc Delisle wrote:

> Hi,

Hi Marc,

> I'm using fwknop 1.9.11 and trying to configure multiple users, each
> having his own password and external command to run.
>
> In fwknop.conf here are the relevant lines:
>
> FIREWALL_TYPE external_cmd;
> AUTH_MODE PCAP;
> ENABLE_EXTERNAL_CMDS Y;
> EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -j ACCEPT;
> EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -j ACCEPT;
> EXTERNAL_CMD_ALARM 30;
>
> In access.conf:
> SOURCE: ANY;
> OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
> REQUIRE_USERNAME: user1
> KEY: pass1;
> FW_ACCESS_TIMEOUT: 120;
> EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -d
> server1.domain.com -j ACCEPT;
> EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -d
> server1.domain.com -j ACCEPT;
> EXTERNAL_CMD_ALARM 30;
>
> SOURCE: ANY;
> OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
> REQUIRE_USERNAME: user2
> KEY: pass2;
> FW_ACCESS_TIMEOUT: 120;
> EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -d
> server2.domain.com -j ACCEPT;
> EXTERNAL_CMD_CLOSE /sbin/iptables -D FORWARD -s $SRC -d
> server2.domain.com -j ACCEPT;
> EXTERNAL_CMD_ALARM 30;
>
> You get the idea. But when using fwknop client 1.8.2 and sending only
> the password (no username), the external command is executed. Am I using
> the REQUIRE_USERNAME clause properly?

Thanks for mentioning this. If you add a trailing semicolon to your user1 and user2 lines above, then it should work as expected. The fwknopd daemon should be better about validating the config file syntax though, and it should throw a warning if a configuration line does not have the trailing semicolon. I will add this to the 1.9.12 release (with a -pre release coming shortly).

Thanks,

--Mike

> --
> Marc Delisle
> http://infomarc.info
>
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
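
The kind of check discussed in the message above (warning when a configuration line has no trailing semicolon), sketched as an added example that is not part of the original thread and is not fwknop's own code. The directive grammar, the `lint_config` name and the comment handling are assumptions made for illustration; the sample stanza is constructed from the access.conf lines quoted in the thread.

```python
import re

# Assumptions (not taken from fwknop's source): a directive is
# "NAME[:] value;" and '#' starts a comment when it is at the start of the
# line or preceded by whitespace.
COMMENT = re.compile(r"(^|\s)#.*$")
DIRECTIVE = re.compile(r"^([A-Z][A-Z0-9_]*):?(?:\s+(.*))?$")

def lint_config(text):
    """Return a list of (line_number, directive_name, problem) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = COMMENT.sub("", raw).strip()
        if not line:
            continue  # blank line or comment only
        m = DIRECTIVE.match(line)
        if not m:
            findings.append((lineno, None, "unrecognized line"))
            continue
        name, value = m.group(1), (m.group(2) or "")
        if not value.endswith(";"):
            # An unterminated access restriction must never pass silently.
            findings.append((lineno, name, "missing trailing semicolon"))
        elif not value[:-1].strip():
            findings.append((lineno, name, "empty value"))
    return findings

# Constructed sample: the user1 stanza as posted, REQUIRE_USERNAME unterminated.
SAMPLE = """\
SOURCE: ANY;
OPEN_PORTS: tcp/22;   ### for ssh (change for access to other services)
REQUIRE_USERNAME: user1
KEY: pass1;
FW_ACCESS_TIMEOUT: 120;
EXTERNAL_CMD_OPEN /sbin/iptables -I FORWARD -s $SRC -d server1.domain.com -j ACCEPT;
EXTERNAL_CMD_ALARM 30;
"""

if __name__ == "__main__":
    for lineno, name, problem in lint_config(SAMPLE):
        print(f"line {lineno}: {name}: {problem}")
```

Running a check like this before restarting the daemon, and refusing to start on any finding, turns a silently dropped access restriction into a visible configuration error.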
